From: Gregory Gombas (ggombas@gmail.com)
Date: Tue Dec 09 2008 - 16:22:57 ARST
Hi Gang,
My client has a Cisco router with a T1 connection to the internet.
They were only allocated one IP from the ISP and that is assigned to
the serial interface of the Cisco router.
Currently the router is doing the NAT'ing and firewall functions for
the internal network, but they would like to install a separate
firewall behind the router so they can control the filtering and NAT
translations from this new firewall instead of the router.
Can I put the router into bridge mode so that I can assign the
internet address directly to the firewall? I tried testing this in my
lab but the problem is the arp requests from the firewall are failing
due to the difference in encapsulations.
The setup looks like this:
ISP (55.55.55.1/30)
|
Router
|
Firewall (55.55.55.2/30)
|
Internal Network (192.168.1.0/24)
Is this even feasible?
Thanks,
Greg
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST